DETAILED ACTION
Response to Amendment 

This office action is in response to the amendment filed on 02/06/06. The amendment filed
on 02/06/06 has been entered and made of record. Therefore, presently pending claims are
24-47.

Response to Arguments 

Applicant's arguments filed 02/06/06 have been fully considered. The reference of Firth 
is added to overcome the deficiencies of Williams and O'Brien.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 27-42 and 46-47 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Williams (U.S. Patent 5,996,077) in view of O'Brien et al. (6,658,571 B1), and Firth et al.
(5,987,517).

In reference to claim 27, Williams discloses a hierarchical arrangement of security 
devices for securing a protected network through a plurality of security devices (abstract). The 
device consists of a legacy firewall (security device A, principle device) connected to each of a
plurality of communication interfaces (public and protected network) and executing at least one
inspection module is software code configured to carry out an operation of providing protocol
information for a particular protocol to said firewall core (column 5 line 53 to column 6 line 6);
and a new inspection module inserted into an operating memory of said firewall core wherein 
said new inspection module is software code configured to carry out an operation of providing 
protocol information for a particular protocol to said firewall core (column 4 lines 1-28 in 
combination with Fig. 2). 

Although Williams discloses the next generation of firewall coexisting with the legacy 
firewall, Williams does not expressly disclose the new inspection module inserted during 
operation of said firewall core. 

However, O'Brien discloses the separate subsystem consisting of at least one inspection
module coupled for communication to the user space, said inspection module configured to 
provide protocol inspection of data (column 3 lines 39-56), said inspection module is further 
configured to be installed during the operation of the system (column 3 lines 56-64). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use security modules as in O'Brien to provide protocol inspection in the system 
of Williams. One of ordinary skill in the art would have been motivated to do this because 
security information that is application and resource specific which would reduce the damage 
that malicious software can cause in the event that malicious software is accidentally executed 
without additional hardware, or modification to the individual software applications or the 
underlying operating system. 

Williams discloses a firewall core, however Williams does not disclose a system
wherein the new particular protocol is different from each of the particular protocol provided by
each of the at least one inspection module.

Firth discloses a system wherein the new particular protocol is different from each of the
particular protocol provided by each of the at least one inspection module (column 4 lines 13- 
15). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to functionally for a new protocol as in Firth in the system of Williams. One of 
ordinary skill in the art would have been motivated to do this because it would allow the easy 
establishment of communications with a variety of computer networks. 

In reference to claim 32, Williams discloses a hierarchical arrangement of security 
devices for securing a protected network through a plurality of security devices (abstract). A 
communication unit wherein said communication unit is operatively coupled to each one of 
communication interfaces connected to said network (parts 101 and 102 Fig. 2). A firewall core 
(principle device) and one of said at least one inspection modules (security devices) and wherein 
each said at least one inspection module is software code configured to carry out the operation of 
providing protocol information and to inspect data packets of a particular protocol (column 4 
lines 1-28 in combination with Fig. 2). 

Although Williams discloses the communication to the security devices (Fig. 2),
Williams does not disclose a set of call back functions, retrieved from said inspection module, 
each function providing communication between the firewall core and the inspection module. In 
addition the firewall core (principle device) disclosed by Williams is not further configured to 
monitor memory to determine when a new inspection module is loaded into said memory. 

O'Brien discloses a set of callback functions, retrieved from said inspection module, each 
said function providing communication between the security master and said inspection module 
(column 5 lines 15-27). In addition the system of O'Brien is configured to monitor a memory to
determine when a new inspection module is loaded into said memory (column 5 lines 28-46). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use callback functions from security modules as in O'Brien to provide protocol 
inspection in the system of Williams. One of ordinary skill in the art would have been motivated 
to do this because callback functions allow the security modules to communicate with the user 
space so that security information that is application and resource specific which would reduce 
the damage that malicious software can cause in the event that malicious software is accidentally 
executed without additional hardware, or modification to the individual software applications or 
the underlying operating system. 

Williams discloses a firewall core, however Williams does not disclose a system wherein the
new particular protocol is different from each of the particular protocol provided by each of the 
at least one inspection module. 

Firth discloses a system wherein the new particular protocol is different from each of the 
particular protocol provided by each of the at least one inspection module (column 4 lines 13- 
15). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to functionally for a new protocol as in Firth in the system of Williams. One of 
ordinary skill in the art would have been motivated to do this because it would allow the easy 
establishment of communications with a variety of computer networks. 

Application/Control Number: 09/504,005
Art Unit: 2135

In reference to claim 36, Williams discloses a hierarchical arrangement of security
devices for securing a protected network through a plurality of security devices (abstract). The
inspection unit is configured to inspect and authorize data packets (column 4 lines 62-65); a
function table which corresponds to a connection table (column 7 lines 31-36).

Although Williams discloses the communication to the security devices (Fig. 2) and a
connection table, Williams does not disclose a set of call back functions, retrieved from said
inspection module, each function providing communication between the firewall core and the 
inspection module. In addition the firewall core (principle device) disclosed by Williams is not 
further configured to monitor memory to determine when a new inspection module is loaded into 
said memory. 

O'Brien discloses a set of callback functions, retrieved from said inspection module, each 
said function providing communication between the security master and said inspection module 
(column 5 lines 15-27). In addition the system of O'Brien is configured to monitor a memory to 
determine when a new inspection module is loaded into said memory (column 5 lines 28-46). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use callback functions from security modules as in O'Brien to provide protocol 
inspection in the system of Williams. One of ordinary skill in the art would have been motivated 
to do this because callback functions allow the security modules to communicate with the user 
space so that security information that is application and resource specific which would reduce 
the damage that malicious software can cause in the event that malicious software is accidentally 
executed without additional hardware, or modification to the individual software applications or 
the underlying operating system. 

Williams discloses a firewall core, however Williams does not disclose a system wherein the
new particular protocol is different from each of the particular protocol provided by each of the
at least one inspection module.

Firth discloses a system wherein the new particular protocol is different from each of the 
particular protocol provided by each of the at least one inspection module (column 4 lines 13- 
15). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to functionally for a new protocol as in Firth in the system of Williams. One of 
ordinary skill in the art would have been motivated to do this because it would allow the easy 
establishment of communications with a variety of computer networks. 

In reference to claims 39 and 43, Williams discloses a hierarchical arrangement of 
security devices for securing a protected network through a plurality of security devices 
(abstract). The inspection unit is configured to inspect and authorize data packets (column 4 
lines 62-65). 

O'Brien discloses a) loading an inspection module comprising new protocol inspection 
knowledge and a function table having a set of callback functions (column 5 lines 1-27); to b) 
notifying the security master of said inspection module (column 5 lines 12-27); and c) 
communicating said set of callback functions to the security master (column 5 lines 27-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use callback functions from security modules as in O'Brien to provide protocol 
inspection in the system of Williams. One of ordinary skill in the art would have been motivated 
to do this because callback functions allow the security modules to communicate with the user 
space so that security information that is application and resource specific which would reduce 
the damage that malicious software can cause in the event that malicious software is accidentally 
executed without additional hardware, or modification to the individual software applications or
the underlying operating system. 

Williams discloses a firewall core, however Williams does not disclose a system wherein the
new particular protocol is different from each of the particular protocol provided by each of the 
at least one inspection module. 

Firth discloses a system wherein the new particular protocol is different from each of the 
particular protocol provided by each of the at least one inspection module (column 4 lines 13- 
15). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to functionally for a new protocol as in Firth in the system of Williams. One of 
ordinary skill in the art would have been motivated to do this because it would allow the easy 
establishment of communications with a variety of computer networks. 

In reference to claim 28, wherein the firewall core is configured to monitor said operation 
memory for said new inspection module. 

O'Brien is configured to monitor a memory to determine when a new inspection module is 
loaded into said memory (column 5 lines 28-46). 

At the time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to use callback functions from security modules as in O'Brien to provide protocol 
inspection in the system of Williams. One of ordinary skill in the art would have been motivated 
to do this because callback functions allow the security modules to communicate with the user 
space so that security information that is application and resource specific which would reduce 
the damage that malicious software can cause in the event that malicious software is accidentally 
executed without additional hardware, or modification to the individual software applications or
the underlying operating system. 

In reference to claims 29 and 46, wherein said inspection module further comprises 
callback functions, said functions communicated to said firewall core and providing 
communication between said firewall core and said inspection module. 
Williams does not expressly disclose the use of callback functions which communicate to the 
firewall core and providing communication between the firewall core and said inspection 
module. 

O'Brien discloses a set of callback functions, retrieved from said inspection module, each 
said function providing communication between the security master and said inspection module 
(column 5 lines 15-27).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use callback functions from security modules as in O'Brien to provide protocol 
inspection in the system of Williams. One of ordinary skill in the art would have been motivated
to do this because callback functions allow the security modules to communicate with the user 
space so that security information that is application and resource specific which would reduce 
the damage that malicious software can cause in the event that malicious software is accidentally 
executed without additional hardware, or modification to the individual software applications or 
the underlying operating system. 

In reference to claims 30, 37, 42, 47, wherein each said at least one inspection module 
and new inspection module are each further configured to indicate to said firewall core for which 
protocol for data packets said inspection module is configured to provide inspection (column 7 
lines 29-47 in combination with column 6 lines 1-6).

In reference to claims 31 and 34, wherein each data packet intercepted by said firewall 
core further includes session information comprising address and port data (column 5 line 60 to 
column 6 line 6), the firewall core further configured to map said session information for each 
said data packet to one of said at least one inspection modules and the new inspection module 
(column 7 lines 35-47). 

In reference to claim 33, wherein said communication unit further configured to intercept 
network data communicated via each of said plurality of communication interfaces (Fig. 2). 

In reference to claims 35, 38, 41, and 45, wherein said communication unit is further 
configured to communicate a packet between said communication interface and one of said at
least one inspection modules (Fig. 2).

In reference to claims 40, and 44, further comprising enabling said inspection module, 
prior to communicating said set of callback function to said firewall core. The new information 
is used to filter packets therefore the new rules, provided by the security device, are in an 
enabled state similar to the state of the principle device. 

Claims 43-45 are rejected under 35 U.S.C. 103(a) as being unpatentable over Williams 
(U.S. Patent 5,996,077) in view of O'Brien et al. (6,658,571 B1).

In reference to claim 43, Williams discloses a hierarchical arrangement of security 
devices for securing a protected network through a plurality of security devices (abstract). The 
inspection unit is configured to inspect and authorize data packets (column 4 lines 62-65). 

O'Brien discloses a) loading an inspection module comprising new protocol inspection 
knowledge and a function table having a set of callback functions (column 5 lines 1-27); to b)
notifying the security master of said inspection module (column 5 lines 12-27); and c) 
communicating said set of callback functions to the security master (column 5 lines 27-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use callback functions from security modules as in O'Brien to provide protocol 
inspection in the system of Williams. One of ordinary skill in the art would have been motivated 
to do this because callback functions allow the security modules to communicate with the user 
space so that security information that is application and resource specific which would reduce 
the damage that malicious software can cause in the event that malicious software is accidentally 
executed without additional hardware, or modification to the individual software applications or 
the underlying operating system. 

Williams discloses a firewall core, however Williams does not disclose a system
wherein the new particular protocol is different from each of the particular protocol provided by 
each of the at least one inspection module. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to functionally for a new protocol as in Firth in the system of Williams. One of 
ordinary skill in the art would have been motivated to do this because it would allow the easy 
establishment of communications with a variety of computer networks. 

In reference to claim 44, further comprising enabling said inspection module, prior to 
communicating said set of callback function to said firewall core. The new information is used 
to filter packets therefore the new rules, provided by the security device, are in an enabled state 
similar to the state of the principle device. 

In reference to claim 45, wherein said communication unit is further configured to
communicate a packet between said communication interface and one of said at least one 
inspection modules (Fig. 2). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m. to 5:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 